Tables installed with Threat Intelligence

Threat Intelligence adds the following tables.

| Table | Description |
| --- | --- |
| Attack mechanism [sn_ti_attack_mechanism] | Organizes attack patterns hierarchically based on mechanisms that are frequently employed when exploiting a vulnerability. The categories that are members of this view represent the different techniques used to attack a system. |
| Attack mode/method [sn_ti_attack_mode] | Attack modes and methods are representations of the behavior of cyber adversaries. They characterize what an adversary does and how they do it in increasing levels of detail. |
| Discovery method [sn_ti_discovery_method] | An expression of how an incident was discovered. |
| Feed [sn_ti_feed] | Used for configuring the Threat Feed (RSS) in the Threat Overview. |
| Indicator Attack mode/method [sn_ti_m2m_indicator_attack_mode] | Used to map attack modes/methods to indicators. |
| Indicator of Compromise [sn_ti_indicator] | Used to convey specific observable patterns combined with contextual information intended to represent artifacts and/or behaviors of interest within a cyber security context. |
| Indicator of Compromise Metadata [sn_ti_indicator_metadata] | |
| Indicator Source [sn_ti_m2m_indicator_source] | Used to collect all the sources reporting the specific indicator. |
| Indicator Type [sn_ti_indicator_type] | Used to characterize a cyber threat indicator made up of a pattern identifying certain observable conditions as well as contextual information about the pattern's meaning, how and when it is acted on, and so on. |
| Associated Indicator Type [sn_ti_m2m_indicator_indicator_type] | Links indicators with their applicable types. |
| Intended effect [sn_ti_intended_effect] | Used for expressing the intended effect of a threat actor. |
| IP Scan Result [sn_ti_ip_result] | Used to show the results of an IP lookup. |
| Malware Rate limit [sn_ti_rate_limit] | Defines a rate limit to be used on a lookup source. |
| Malware Scan [sn_ti_scan] | A lookup. Contains what to look up, with what lookup source, and a summary of the lookup results. |
| Malware Scanner [sn_ti_scanner] | Defines third-party lookup sources to use in performing lookups. |
| Malware Scanner Rate Limit [sn_ti_scanner_rate_limit] | Associates a lookup source with a rate limit. |
| Malware Scan Queue Entry [sn_ti_scan_q_entry] | A lookup record queued for lookup or processing. Facilitates the requests within stated rate limits. |
| Malware Scan Result [sn_ti_scan_result] | Displays the result of a lookup. |
| Malware Type [sn_ti_malware_type] | Used for expressing the types of malware instances. |
| Observable [sn_ti_observable] | Observables in STIX represent stateful properties or measurable events pertinent to the operation of computers and networks. |
| Observable Indicator [sn_ti_m2m_observable_indicator] | Used to relate observables to indicators. |
| Observable Source [sn_ti_observable_source] | Used to relate observables to threat sources. |
| Observable Type [sn_ti_observable_type] | Lists the various types of observables, such as IP addresses. |
| Related attack mode/method [sn_ti_m2m_attack_mode_attack_mode] | Used to relate attack modes to each other. |
| Related Observables [sn_ti_m2m_observables] | Used to relate observables to each other. |
| Scan type [sn_ti_scan_type] | The definition of a lookup type, with initial records for File, URL, and IP. |
| Supported Observable Types [sn_ti_m2m_ind_type_obs_type] | Relates indicator types to valid observable types. |
| Supported Scan Type [sn_ti_supported_scan_type] | Maps the lookup type to a lookup source/vendor-specific implementation. Indicates that a specific lookup source supports the type. |
| Task Attack mode/method [sn_ti_m2m_task_attack_mode] | Relates attack modes to tasks. |
| Task Indicator [sn_ti_m2m_task_indicator] | Relates indicators to tasks. |
| Task Observable [sn_ti_m2m_task_observable] | Relates observables to tasks. |
| TAXII Collection [sn_ti_taxii_collection] | Defines a cyber-risk intelligence feed that can be imported by a TAXII server. |